PC World Forums: Latest Foxmarks Add-On for Firefox Tackles Password Backups - PC World Forums

Post your comments for Latest Foxmarks Add-On for Firefox Tackles Password Backups here

Foxmarks is a great add-on for Firefox.
Worth noting that Password-sync has been a feature for a couple of months though
:-)

Ya, like I'm gonna tell some site what all my passwords are.
NOT in this life.

A "security review" which says that AES stands for "automatic edit summaries" is not exactly comforting.

I still think that letting someone getting hold of all your passwords is a really bad idea. Major banks get hacked, if you go and put all eggs in one basket is an open invitation for thinking about ways of getting them.
Bookmark sync is ok, password sync no.

I don't store passwords in anything (well, I do have a flash disk that I plug in on occasion that has passwords saved to it).

Nothing that caches passwords is secure.

Here's my scenario. Someone installs this plugin on your unattended (but still logged in machine), backs up your passwords, cleans up, takes them home, and 'restores' them to their own copy of Firefox.

Evildave said:

How secure! ;)


> Nothing that caches passwords is secure.

Here's my scenario. Someone installs this plugin on your unattended (but still logged in machine), backs up your passwords, cleans up, takes them home, and 'restores' them to their own copy of Firefox.
[/quote]

If your machine is left unattended but still logged in, then you're owned anyway.

In the time it takes me to walk up to your computer, download the Foxmarks addon, create a Foxmarks account and turn on the password sync-feature, I could have just clicked Tools > Options > Security > Saved Passwords, and clicked the 'Show Passwords' button.

You're right: nothing that caches passwords is secure. Firefox not only caches them, but will show them to me in just a few clicks. :_|

And most people have bad habits with passwords.

Once you have 'one', you might have all of their passwords.

That quick glance at the list would tell you if they re-use them. So you could have their login, router, retailer, bank, etc. password just by seeing the one repeated password.

So another key lesson is not to re-use passwords. At least not the ones that are more important than others. At least think up and memorize a couple of more passwords for your personal email and bank accounts.

I don't store my passwords period. I am ok with the login name but never the passwords

I don't think it's very wise to send passwords over the internet to be stored by some other company. I wouldn't even store them on my PC.


By the way, to clarify what ~187417] [said|m-166336], according to [Wikipedia, AES stands for Advanced Encryption Standard, not automatic edit summaries.